package com.bnz.security.controller;


import com.bnz.security.pojo.R;
import com.bnz.security.pojo.Users;
import com.bnz.security.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import sun.plugin.liveconnect.SecurityContextHelper;
import sun.security.util.SecurityConstants;

import java.util.List;

@RestController
public class UserController {

    @Autowired
    private UserService userService;


    @RequestMapping("/")
    public R comcane(){
        //获取登陆名
        String name = SecurityContextHolder.getContext().getAuthentication().getName();

        return R.ok().data("name",name);
    }

    @RequestMapping("/success")
    public String success(){
        return "success";
    }


    @GetMapping("/user/findAll")
 //   @Secured("ROLE_user")                                  //是否有角色权限
    @PreAuthorize("hasAuthority('user')")                  //方法执行前：是否有权限，如果没有权限方法内容不会执行
    //@PostAuthorize("hasAuthority('user111')")               //方法执行后：是否有权限，如果没有权限方法内容也会执行
    @PostFilter("filterObject.username=='张三'")            //只返回用户名为张三的列表
    public List<Users> findAll(){

        List<Users> users=userService.findAll();
        System.out.println(users);
        return users;
    }




}
